Warning: Permanently added '10.128.1.45' (ECDSA) to the list of known hosts. 2019/10/05 02:22:29 fuzzer started 2019/10/05 02:22:31 dialing manager at 10.128.0.105:35709 2019/10/05 02:22:31 syscalls: 2523 2019/10/05 02:22:31 code coverage: enabled 2019/10/05 02:22:31 comparison tracing: enabled 2019/10/05 02:22:31 extra coverage: extra coverage is not supported by the kernel 2019/10/05 02:22:31 setuid sandbox: enabled 2019/10/05 02:22:31 namespace sandbox: enabled 2019/10/05 02:22:31 Android sandbox: /sys/fs/selinux/policy does not exist 2019/10/05 02:22:31 fault injection: enabled 2019/10/05 02:22:31 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/10/05 02:22:31 net packet injection: enabled 2019/10/05 02:22:31 net device setup: enabled 2019/10/05 02:22:31 concurrency sanitizer: enabled 02:22:33 executing program 0: r0 = creat(&(0x7f00000001c0)='./bus\x00', 0xffffffffffdffffe) r1 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$apparmor_current(r1, &(0x7f0000000380)=ANY=[@ANYRES64], 0x1) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r2, 0x4, 0x42800) r3 = open(&(0x7f0000000180)='./bus\x00', 0x0, 0x0) lsetxattr$security_selinux(0x0, &(0x7f00000002c0)='security.selinux\x00', &(0x7f0000000340)='system_u:object_r:inetd_var_run_t:s0\x00', 0x25, 0x0) getxattr(0x0, 0x0, &(0x7f0000000400)=""/206, 0xce) sendfile(r1, r3, 0x0, 0x8000fffffffe) creat(&(0x7f0000000140)='./bus\x00', 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc(&(0x7f0000000440)='TIPC\x00') sendmsg$TIPC_CMD_RESET_LINK_STATS(r4, 0x0, 0x0) sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r3, &(0x7f00000005c0)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000580)={0x0}, 0x1, 0x0, 0x0, 0x20000800}, 0x80050) pipe(&(0x7f0000000200)={0xffffffffffffffff}) vmsplice(r5, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) bind$netlink(0xffffffffffffffff, &(0x7f0000000000)={0x10, 0x0, 0x25dfdbfc}, 0xc) setsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, &(0x7f0000000280), 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000600)={0xffffffffffffffff, 0x8, 0x10000, r0}) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000040)) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0x29, 0x80000000000002, 0x0) write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0) syzkaller login: [ 59.079607][ T7335] IPVS: ftp: loaded support on port[0] = 21 [ 59.163239][ T7335] chnl_net:caif_netlink_parms(): no params data found [ 59.200497][ T7335] bridge0: port 1(bridge_slave_0) entered blocking state 02:22:33 executing program 1: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000080)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x200000000, 0x2, 0x0, 0x0, 0x0, 0x0, 0xfffc}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000001c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000d65000)={0x0, 0x0, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) lstat(0x0, 0x0) signalfd4(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffdb0}, 0x8, 0x0) r0 = getpgrp(0xffffffffffffffff) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x40, 0x4, 0xff, 0x0, 0x0, 0x20, 0xa0000, 0x16672036b91e54d4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x200, 0x0, @perf_bp={&(0x7f0000000100)}, 0x1000, 0xfffffffffffffff8, 0x6, 0x5, 0x5, 0x6}, r0, 0x0, 0xffffffffffffffff, 0xe) [ 59.207860][ T7335] bridge0: port 1(bridge_slave_0) entered disabled state [ 59.218225][ T7335] device bridge_slave_0 entered promiscuous mode [ 59.227200][ T7335] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.250738][ T7335] bridge0: port 2(bridge_slave_1) entered disabled state [ 59.267696][ T7335] device bridge_slave_1 entered promiscuous mode [ 59.324755][ T7335] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 59.353619][ T7335] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 59.397637][ T7335] team0: Port device team_slave_0 added [ 59.413401][ T7335] team0: Port device team_slave_1 added 02:22:34 executing program 2: open(0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket(0x10, 0x2, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000140)='net/mcfilter\x00') ioctl$VIDIOC_SUBDEV_G_FMT(r1, 0xc0585604, &(0x7f0000001300)={0x0, 0x0, {0x0, 0x401, 0x1016, 0x0, 0x0, 0x191c98fdb7637bbd, 0x0, 0x6}}) syz_read_part_table(0x0, 0x6876b688bcd26e3, &(0x7f0000000080)=[{&(0x7f0000000000)="0201a9ffffff0a000000ff07000000ffffff82000800000000000000004000ffffff85000000e1000000887700720030b5829237c30000000000008000da55aa", 0x40, 0x1c0}]) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) socket$inet6(0xa, 0x2, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000140)='net/mcfilter\x00') preadv(r4, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) [ 59.484993][ T7335] device hsr_slave_0 entered promiscuous mode [ 59.525623][ T7335] device hsr_slave_1 entered promiscuous mode [ 59.600119][ T7335] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.607243][ T7335] bridge0: port 2(bridge_slave_1) entered forwarding state [ 59.614833][ T7335] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.622104][ T7335] bridge0: port 1(bridge_slave_0) entered forwarding state [ 59.671845][ T7338] IPVS: ftp: loaded support on port[0] = 21 02:22:34 executing program 3: socket$key(0xf, 0x3, 0x2) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) socket$inet6(0xa, 0x2, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000300)='/dev/rfkill\x00', 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000380)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) [ 59.809723][ T7335] 8021q: adding VLAN 0 to HW filter on device bond0 [ 59.868428][ T7341] IPVS: ftp: loaded support on port[0] = 21 [ 59.889053][ T7338] chnl_net:caif_netlink_parms(): no params data found [ 59.909935][ T7335] 8021q: adding VLAN 0 to HW filter on device team0 [ 59.926803][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 59.944619][ T5] bridge0: port 1(bridge_slave_0) entered disabled state [ 59.974656][ T5] bridge0: port 2(bridge_slave_1) entered disabled state [ 59.995013][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 60.066393][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 60.083793][ T44] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.090860][ T44] bridge0: port 1(bridge_slave_0) entered forwarding state [ 60.112659][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 60.132458][ T44] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.139561][ T44] bridge0: port 2(bridge_slave_1) entered forwarding state 02:22:34 executing program 4: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000001440)=ANY=[@ANYBLOB="20000000680013080000020000000000dd01fe7885b7c7000800054c1ed3000200000000000001f36b6744254ffe2e4173a157dcd8d2476d0c795bd3bfc6afb407dcd6d43801962cbbb4bc9481b435845656e6f859378cc70000e9a6f60d9485b06f4afb80abb4b501000000000c6d757a3cc10ed9abb13edfa687bdd02808a5605d1b73d76ea549e2052287287c9acc01ec20b74203a14c6fd77505d76a2b0931452fde7034abef015a25a0e00a08d1379de0111f9b64e8d84d2864c900000000001300"/207, @ANYRES32=0x0], 0x20}}, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x218fe53f1794f59, 0x0) r0 = socket(0x10, 0x80002, 0x0) setsockopt$netlink_NETLINK_CAP_ACK(r0, 0x10e, 0xa, &(0x7f0000000040)=0x3, 0x4) sendmmsg$alg(r0, &(0x7f0000000140), 0x6b7, 0x0) [ 60.201095][ T7335] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 60.213227][ T7335] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 60.237647][ T7346] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 60.251377][ T7347] IPVS: ftp: loaded support on port[0] = 21 [ 60.259205][ T7346] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 60.275191][ T7346] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 60.286425][ T7346] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 60.296051][ T7346] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 60.306405][ T7346] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 60.316681][ T7346] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 60.327842][ T7346] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 60.365396][ T7335] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 60.384030][ T7338] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.391169][ T7338] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.404579][ T7338] device bridge_slave_0 entered promiscuous mode [ 60.429659][ T7346] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 60.439059][ T7346] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 60.471334][ T7338] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.479023][ T7338] bridge0: port 2(bridge_slave_1) entered disabled state [ 60.488832][ T7338] device bridge_slave_1 entered promiscuous mode [ 60.519680][ T7352] IPVS: ftp: loaded support on port[0] = 21 [ 60.573970][ T7338] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 60.623495][ T7338] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link 02:22:35 executing program 5: syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000013c0)={[{@uni_xlate='uni_xlate=1'}]}) [ 60.725293][ T7341] chnl_net:caif_netlink_parms(): no params data found [ 60.739738][ T7338] team0: Port device team_slave_0 added [ 60.783600][ C1] hrtimer: interrupt took 27484 ns [ 60.813896][ T7338] team0: Port device team_slave_1 added [ 60.824074][ T26] kauditd_printk_skb: 8 callbacks suppressed [ 60.824105][ T26] audit: type=1804 audit(1570242155.382:31): pid=7358 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir081036462/syzkaller.hK5Tgi/0/bus" dev="sda1" ino=16518 res=1 [ 60.869073][ T26] audit: type=1804 audit(1570242155.432:32): pid=7360 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir081036462/syzkaller.hK5Tgi/0/bus" dev="sda1" ino=16518 res=1 [ 60.911308][ T26] audit: type=1804 audit(1570242155.482:33): pid=7360 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir081036462/syzkaller.hK5Tgi/0/bus" dev="sda1" ino=16518 res=1 02:22:35 executing program 0: r0 = creat(&(0x7f00000001c0)='./bus\x00', 0xffffffffffdffffe) r1 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$apparmor_current(r1, &(0x7f0000000380)=ANY=[@ANYRES64], 0x1) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r2, 0x4, 0x42800) r3 = open(&(0x7f0000000180)='./bus\x00', 0x0, 0x0) lsetxattr$security_selinux(0x0, &(0x7f00000002c0)='security.selinux\x00', &(0x7f0000000340)='system_u:object_r:inetd_var_run_t:s0\x00', 0x25, 0x0) getxattr(0x0, 0x0, &(0x7f0000000400)=""/206, 0xce) sendfile(r1, r3, 0x0, 0x8000fffffffe) creat(&(0x7f0000000140)='./bus\x00', 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc(&(0x7f0000000440)='TIPC\x00') sendmsg$TIPC_CMD_RESET_LINK_STATS(r4, 0x0, 0x0) sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r3, &(0x7f00000005c0)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000580)={0x0}, 0x1, 0x0, 0x0, 0x20000800}, 0x80050) pipe(&(0x7f0000000200)={0xffffffffffffffff}) vmsplice(r5, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) bind$netlink(0xffffffffffffffff, &(0x7f0000000000)={0x10, 0x0, 0x25dfdbfc}, 0xc) setsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, &(0x7f0000000280), 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000600)={0xffffffffffffffff, 0x8, 0x10000, r0}) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000040)) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0x29, 0x80000000000002, 0x0) write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0) [ 60.977760][ T26] audit: type=1804 audit(1570242155.482:34): pid=7360 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir081036462/syzkaller.hK5Tgi/0/bus" dev="sda1" ino=16518 res=1 [ 61.060819][ T7347] chnl_net:caif_netlink_parms(): no params data found [ 61.076060][ T26] audit: type=1804 audit(1570242155.652:35): pid=7367 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir081036462/syzkaller.hK5Tgi/1/bus" dev="sda1" ino=16518 res=1 [ 61.137166][ T26] audit: type=1804 audit(1570242155.712:36): pid=7368 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir081036462/syzkaller.hK5Tgi/1/bus" dev="sda1" ino=16518 res=1 [ 61.167411][ T7338] device hsr_slave_0 entered promiscuous mode 02:22:35 executing program 0: r0 = creat(&(0x7f00000001c0)='./bus\x00', 0xffffffffffdffffe) r1 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$apparmor_current(r1, &(0x7f0000000380)=ANY=[@ANYRES64], 0x1) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r2, 0x4, 0x42800) r3 = open(&(0x7f0000000180)='./bus\x00', 0x0, 0x0) lsetxattr$security_selinux(0x0, &(0x7f00000002c0)='security.selinux\x00', &(0x7f0000000340)='system_u:object_r:inetd_var_run_t:s0\x00', 0x25, 0x0) getxattr(0x0, 0x0, &(0x7f0000000400)=""/206, 0xce) sendfile(r1, r3, 0x0, 0x8000fffffffe) creat(&(0x7f0000000140)='./bus\x00', 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc(&(0x7f0000000440)='TIPC\x00') sendmsg$TIPC_CMD_RESET_LINK_STATS(r4, 0x0, 0x0) sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r3, &(0x7f00000005c0)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000580)={0x0}, 0x1, 0x0, 0x0, 0x20000800}, 0x80050) pipe(&(0x7f0000000200)={0xffffffffffffffff}) vmsplice(r5, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) bind$netlink(0xffffffffffffffff, &(0x7f0000000000)={0x10, 0x0, 0x25dfdbfc}, 0xc) setsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, &(0x7f0000000280), 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000600)={0xffffffffffffffff, 0x8, 0x10000, r0}) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000040)) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0x29, 0x80000000000002, 0x0) write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0) [ 61.213393][ T7338] device hsr_slave_1 entered promiscuous mode [ 61.282267][ T7338] debugfs: Directory 'hsr0' with parent '/' already present! [ 61.289754][ T26] audit: type=1804 audit(1570242155.862:37): pid=7371 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir081036462/syzkaller.hK5Tgi/2/bus" dev="sda1" ino=16518 res=1 [ 61.325116][ T7341] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.332849][ T7341] bridge0: port 1(bridge_slave_0) entered disabled state [ 61.340910][ T7341] device bridge_slave_0 entered promiscuous mode [ 61.356076][ T7363] IPVS: ftp: loaded support on port[0] = 21 [ 61.366202][ T26] audit: type=1804 audit(1570242155.932:38): pid=7372 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir081036462/syzkaller.hK5Tgi/2/bus" dev="sda1" ino=16518 res=1 [ 61.406263][ T7341] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.413998][ T7341] bridge0: port 2(bridge_slave_1) entered disabled state [ 61.422656][ T7341] device bridge_slave_1 entered promiscuous mode [ 61.439071][ T7347] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.446558][ T7347] bridge0: port 1(bridge_slave_0) entered disabled state [ 61.454982][ T7347] device bridge_slave_0 entered promiscuous mode [ 61.494658][ T7352] chnl_net:caif_netlink_parms(): no params data found [ 61.513591][ T7347] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.520723][ T7347] bridge0: port 2(bridge_slave_1) entered disabled state [ 61.529625][ T7347] device bridge_slave_1 entered promiscuous mode [ 61.539483][ T7341] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 61.551138][ T7341] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 61.581214][ T7338] 8021q: adding VLAN 0 to HW filter on device bond0 [ 61.620537][ T7338] 8021q: adding VLAN 0 to HW filter on device team0 [ 61.648438][ T7348] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 61.656772][ T7348] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 61.684236][ T7347] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 61.699684][ T7341] team0: Port device team_slave_0 added [ 61.718018][ T7346] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 61.727959][ T7346] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 61.740950][ T7346] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.748143][ T7346] bridge0: port 1(bridge_slave_0) entered forwarding state [ 61.761340][ T7346] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 61.770127][ T7346] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 61.783866][ T7346] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.791126][ T7346] bridge0: port 2(bridge_slave_1) entered forwarding state [ 61.804286][ T7346] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 61.816711][ T7346] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 61.837963][ T7347] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 61.858684][ T7338] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 61.877066][ T7338] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 61.892516][ T7341] team0: Port device team_slave_1 added [ 61.906926][ T3021] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 61.915294][ T3021] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 61.929866][ T3021] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 61.939591][ T3021] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 61.952965][ T3021] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 61.961998][ T3021] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 61.975210][ T3021] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 61.986437][ T3021] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 61.997688][ T3021] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 62.008386][ T7352] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.018053][ T7352] bridge0: port 1(bridge_slave_0) entered disabled state [ 62.028340][ T7352] device bridge_slave_0 entered promiscuous mode [ 62.085451][ T7346] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 62.097567][ T7346] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 62.123117][ T7338] 8021q: adding VLAN 0 to HW filter on device batadv0 02:22:36 executing program 0: r0 = creat(&(0x7f00000001c0)='./bus\x00', 0xffffffffffdffffe) r1 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$apparmor_current(r1, &(0x7f0000000380)=ANY=[@ANYRES64], 0x1) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r2, 0x4, 0x42800) r3 = open(&(0x7f0000000180)='./bus\x00', 0x0, 0x0) lsetxattr$security_selinux(0x0, &(0x7f00000002c0)='security.selinux\x00', &(0x7f0000000340)='system_u:object_r:inetd_var_run_t:s0\x00', 0x25, 0x0) getxattr(0x0, 0x0, &(0x7f0000000400)=""/206, 0xce) sendfile(r1, r3, 0x0, 0x8000fffffffe) creat(&(0x7f0000000140)='./bus\x00', 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc(&(0x7f0000000440)='TIPC\x00') sendmsg$TIPC_CMD_RESET_LINK_STATS(r4, 0x0, 0x0) sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r3, &(0x7f00000005c0)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000580)={0x0}, 0x1, 0x0, 0x0, 0x20000800}, 0x80050) pipe(&(0x7f0000000200)={0xffffffffffffffff}) vmsplice(r5, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) bind$netlink(0xffffffffffffffff, &(0x7f0000000000)={0x10, 0x0, 0x25dfdbfc}, 0xc) setsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, &(0x7f0000000280), 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000600)={0xffffffffffffffff, 0x8, 0x10000, r0}) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000040)) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0x29, 0x80000000000002, 0x0) write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0) [ 62.136938][ T7352] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.146993][ T7352] bridge0: port 2(bridge_slave_1) entered disabled state [ 62.163684][ T7352] device bridge_slave_1 entered promiscuous mode [ 62.235852][ T7341] device hsr_slave_0 entered promiscuous mode [ 62.247557][ T26] audit: type=1804 audit(1570242156.822:39): pid=7378 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir081036462/syzkaller.hK5Tgi/3/bus" dev="sda1" ino=16518 res=1 [ 62.276880][ T7341] device hsr_slave_1 entered promiscuous mode [ 62.312330][ T26] audit: type=1804 audit(1570242156.882:40): pid=7379 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir081036462/syzkaller.hK5Tgi/3/bus" dev="sda1" ino=16518 res=1 [ 62.342591][ T7341] debugfs: Directory 'hsr0' with parent '/' already present! [ 62.354699][ T7347] team0: Port device team_slave_0 added [ 62.410195][ T7352] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 62.420698][ T7347] team0: Port device team_slave_1 added 02:22:37 executing program 0: r0 = creat(&(0x7f00000001c0)='./bus\x00', 0xffffffffffdffffe) r1 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$apparmor_current(r1, &(0x7f0000000380)=ANY=[@ANYRES64], 0x1) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r2, 0x4, 0x42800) r3 = open(&(0x7f0000000180)='./bus\x00', 0x0, 0x0) lsetxattr$security_selinux(0x0, &(0x7f00000002c0)='security.selinux\x00', &(0x7f0000000340)='system_u:object_r:inetd_var_run_t:s0\x00', 0x25, 0x0) getxattr(0x0, 0x0, &(0x7f0000000400)=""/206, 0xce) sendfile(r1, r3, 0x0, 0x8000fffffffe) creat(&(0x7f0000000140)='./bus\x00', 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc(&(0x7f0000000440)='TIPC\x00') sendmsg$TIPC_CMD_RESET_LINK_STATS(r4, 0x0, 0x0) sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r3, &(0x7f00000005c0)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000580)={0x0}, 0x1, 0x0, 0x0, 0x20000800}, 0x80050) pipe(&(0x7f0000000200)={0xffffffffffffffff}) vmsplice(r5, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) bind$netlink(0xffffffffffffffff, &(0x7f0000000000)={0x10, 0x0, 0x25dfdbfc}, 0xc) setsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, &(0x7f0000000280), 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000600)={0xffffffffffffffff, 0x8, 0x10000, r0}) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000040)) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0x29, 0x80000000000002, 0x0) write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0) [ 62.451453][ T7352] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 62.520807][ T7352] team0: Port device team_slave_0 added [ 62.527318][ T7363] chnl_net:caif_netlink_parms(): no params data found [ 62.566380][ T7352] team0: Port device team_slave_1 added [ 62.608625][ T7347] device hsr_slave_0 entered promiscuous mode [ 62.672674][ T7347] device hsr_slave_1 entered promiscuous mode [ 62.702259][ T7347] debugfs: Directory 'hsr0' with parent '/' already present! [ 62.750033][ T7341] 8021q: adding VLAN 0 to HW filter on device bond0 02:22:37 executing program 1: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000080)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x200000000, 0x2, 0x0, 0x0, 0x0, 0x0, 0xfffc}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000001c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000d65000)={0x0, 0x0, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) lstat(0x0, 0x0) signalfd4(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffdb0}, 0x8, 0x0) r0 = getpgrp(0xffffffffffffffff) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x40, 0x4, 0xff, 0x0, 0x0, 0x20, 0xa0000, 0x16672036b91e54d4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x200, 0x0, @perf_bp={&(0x7f0000000100)}, 0x1000, 0xfffffffffffffff8, 0x6, 0x5, 0x5, 0x6}, r0, 0x0, 0xffffffffffffffff, 0xe) [ 62.796078][ T7341] 8021q: adding VLAN 0 to HW filter on device team0 [ 62.856687][ T7352] device hsr_slave_0 entered promiscuous mode 02:22:37 executing program 0: r0 = creat(&(0x7f00000001c0)='./bus\x00', 0xffffffffffdffffe) r1 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$apparmor_current(r1, &(0x7f0000000380)=ANY=[@ANYRES64], 0x1) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r2, 0x4, 0x42800) r3 = open(&(0x7f0000000180)='./bus\x00', 0x0, 0x0) lsetxattr$security_selinux(0x0, &(0x7f00000002c0)='security.selinux\x00', &(0x7f0000000340)='system_u:object_r:inetd_var_run_t:s0\x00', 0x25, 0x0) getxattr(0x0, 0x0, &(0x7f0000000400)=""/206, 0xce) sendfile(r1, r3, 0x0, 0x8000fffffffe) creat(&(0x7f0000000140)='./bus\x00', 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc(&(0x7f0000000440)='TIPC\x00') sendmsg$TIPC_CMD_RESET_LINK_STATS(r4, 0x0, 0x0) sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r3, &(0x7f00000005c0)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000580)={0x0}, 0x1, 0x0, 0x0, 0x20000800}, 0x80050) pipe(&(0x7f0000000200)={0xffffffffffffffff}) vmsplice(r5, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) bind$netlink(0xffffffffffffffff, &(0x7f0000000000)={0x10, 0x0, 0x25dfdbfc}, 0xc) setsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, &(0x7f0000000280), 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000600)={0xffffffffffffffff, 0x8, 0x10000, r0}) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000040)) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0x29, 0x80000000000002, 0x0) write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0) 02:22:37 executing program 1: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000080)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x200000000, 0x2, 0x0, 0x0, 0x0, 0x0, 0xfffc}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000001c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000d65000)={0x0, 0x0, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) lstat(0x0, 0x0) signalfd4(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffdb0}, 0x8, 0x0) r0 = getpgrp(0xffffffffffffffff) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x40, 0x4, 0xff, 0x0, 0x0, 0x20, 0xa0000, 0x16672036b91e54d4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x200, 0x0, @perf_bp={&(0x7f0000000100)}, 0x1000, 0xfffffffffffffff8, 0x6, 0x5, 0x5, 0x6}, r0, 0x0, 0xffffffffffffffff, 0xe) [ 62.932633][ T7352] device hsr_slave_1 entered promiscuous mode [ 62.982240][ T7352] debugfs: Directory 'hsr0' with parent '/' already present! [ 62.996880][ T7363] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.017898][ T7363] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.046292][ T7363] device bridge_slave_0 entered promiscuous mode [ 63.063331][ T7373] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 63.071315][ T7373] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 63.100573][ T7346] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 63.117111][ T7346] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 63.137118][ T7346] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.144339][ T7346] bridge0: port 1(bridge_slave_0) entered forwarding state [ 63.177395][ T7346] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 63.197123][ T7346] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 63.217014][ T7346] bridge0: port 2(bridge_slave_1) entered blocking state 02:22:37 executing program 1: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000080)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x200000000, 0x2, 0x0, 0x0, 0x0, 0x0, 0xfffc}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000001c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000d65000)={0x0, 0x0, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) lstat(0x0, 0x0) signalfd4(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffdb0}, 0x8, 0x0) r0 = getpgrp(0xffffffffffffffff) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x40, 0x4, 0xff, 0x0, 0x0, 0x20, 0xa0000, 0x16672036b91e54d4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x200, 0x0, @perf_bp={&(0x7f0000000100)}, 0x1000, 0xfffffffffffffff8, 0x6, 0x5, 0x5, 0x6}, r0, 0x0, 0xffffffffffffffff, 0xe) [ 63.224137][ T7346] bridge0: port 2(bridge_slave_1) entered forwarding state [ 63.237740][ T7363] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.266613][ T7363] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.274623][ T7363] device bridge_slave_1 entered promiscuous mode [ 63.326101][ T7363] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 63.361809][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 63.377399][ T7347] 8021q: adding VLAN 0 to HW filter on device bond0 [ 63.399930][ T7363] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 63.435335][ T7363] team0: Port device team_slave_0 added [ 63.441735][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 63.450833][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 63.459780][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 63.468378][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 63.486992][ T7341] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 63.497826][ T7341] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 63.511012][ T7363] team0: Port device team_slave_1 added [ 63.575204][ T7363] device hsr_slave_0 entered promiscuous mode [ 63.622503][ T7363] device hsr_slave_1 entered promiscuous mode [ 63.672346][ T7363] debugfs: Directory 'hsr0' with parent '/' already present! [ 63.679987][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 63.688047][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 63.699733][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 63.708178][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 63.716772][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 63.725097][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 63.733209][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 63.741239][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 63.752530][ T7347] 8021q: adding VLAN 0 to HW filter on device team0 [ 63.779987][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 63.787888][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 63.800291][ T7341] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 63.826712][ T7373] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 63.835504][ T7373] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 63.845042][ T7373] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.852101][ T7373] bridge0: port 1(bridge_slave_0) entered forwarding state [ 63.859841][ T7373] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 63.868508][ T7373] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 63.876794][ T7373] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.884207][ T7373] bridge0: port 2(bridge_slave_1) entered forwarding state [ 63.893735][ T7352] 8021q: adding VLAN 0 to HW filter on device bond0 [ 63.900717][ T7373] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 63.930601][ T7352] 8021q: adding VLAN 0 to HW filter on device team0 [ 63.938404][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 63.948233][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 63.958584][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 63.968474][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 63.977431][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 63.986361][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 63.995313][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 64.003807][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 64.011979][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 64.020563][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 64.029019][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 64.036817][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 64.044903][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 64.059293][ T7347] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 64.085993][ T7346] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 64.107434][ T7346] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 64.129636][ T7346] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.136911][ T7346] bridge0: port 1(bridge_slave_0) entered forwarding state [ 64.157367][ T7346] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 64.166349][ T7346] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 64.175118][ T7346] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.182391][ T7346] bridge0: port 2(bridge_slave_1) entered forwarding state [ 64.191139][ T7346] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 64.200686][ T7346] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 64.210669][ T7346] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 64.219727][ T7346] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 64.223905][ T7414] loop2: p1 p2 p3 < > p4 [ 64.229345][ T7346] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 64.240816][ T7414] loop2: p2 size 1073741824 extends beyond EOD, truncated [ 64.241915][ T7346] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 64.266308][ T7346] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 64.274741][ T7346] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 64.274768][ T7414] loop2: p4 size 3657465856 extends beyond EOD, truncated [ 64.305574][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 64.314306][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 64.323818][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 64.345784][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 64.357033][ T7352] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 64.378422][ T7347] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 64.408239][ T7363] 8021q: adding VLAN 0 to HW filter on device bond0 [ 64.429557][ T7352] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 64.448085][ T7363] 8021q: adding VLAN 0 to HW filter on device team0 [ 64.465114][ T7373] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 64.474222][ T7373] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 64.493329][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 64.503436][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 64.512745][ T17] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.522288][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state [ 64.560515][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 64.583077][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 64.591732][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.598908][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 64.648300][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 64.676069][ T7346] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 64.691862][ T7346] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 64.712993][ T7346] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 64.723549][ T7346] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 64.733263][ T7346] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 64.746685][ T7346] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 64.760443][ T7346] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 64.770473][ T7346] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 64.782897][ T7363] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 64.801956][ T7363] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 64.812303][ T7346] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 64.821000][ T7346] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 64.851423][ T7346] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 64.876186][ T7363] 8021q: adding VLAN 0 to HW filter on device batadv0 02:22:39 executing program 2: open(0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket(0x10, 0x2, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000140)='net/mcfilter\x00') ioctl$VIDIOC_SUBDEV_G_FMT(r1, 0xc0585604, &(0x7f0000001300)={0x0, 0x0, {0x0, 0x401, 0x1016, 0x0, 0x0, 0x191c98fdb7637bbd, 0x0, 0x6}}) syz_read_part_table(0x0, 0x6876b688bcd26e3, &(0x7f0000000080)=[{&(0x7f0000000000)="0201a9ffffff0a000000ff07000000ffffff82000800000000000000004000ffffff85000000e1000000887700720030b5829237c30000000000008000da55aa", 0x40, 0x1c0}]) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) socket$inet6(0xa, 0x2, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000140)='net/mcfilter\x00') preadv(r4, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) [ 65.057610][ T7437] ================================================================== [ 65.065863][ T7437] BUG: KCSAN: data-race in pipe_poll / pipe_write [ 65.072276][ T7437] [ 65.074610][ T7437] read to 0xffff888103e040f8 of 4 bytes by task 7443 on cpu 0: [ 65.082183][ T7437] pipe_poll+0x84/0x1d0 [ 65.086350][ T7437] do_select+0x7d0/0x1020 [ 65.090696][ T7437] core_sys_select+0x38b/0x520 [ 65.095985][ T7437] __x64_sys_pselect6+0x22a/0x280 [ 65.101130][ T7437] do_syscall_64+0xcf/0x2f0 [ 65.105641][ T7437] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 65.111521][ T7437] [ 65.113848][ T7437] write to 0xffff888103e040f8 of 4 bytes by task 7437 on cpu 1: [ 65.121480][ T7437] pipe_write+0x268/0x970 [ 65.125815][ T7437] new_sync_write+0x388/0x4a0 [ 65.130496][ T7437] __vfs_write+0xb1/0xc0 [ 65.134737][ T7437] vfs_write+0x18a/0x390 [ 65.138984][ T7437] ksys_write+0xd5/0x1b0 [ 65.143317][ T7437] __x64_sys_write+0x4c/0x60 [ 65.147907][ T7437] do_syscall_64+0xcf/0x2f0 [ 65.152412][ T7437] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 65.156176][ T7453] FAT-fs (loop5): bogus number of reserved sectors [ 65.158297][ T7437] [ 65.158302][ T7437] Reported by Kernel Concurrency Sanitizer on: [ 65.158318][ T7437] CPU: 1 PID: 7437 Comm: syz-executor.3 Not tainted 5.3.0+ #0 [ 65.158339][ T7437] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 65.177566][ T7453] FAT-fs (loop5): Can't find a valid FAT filesystem [ 65.180786][ T7437] ================================================================== [ 65.180796][ T7437] Kernel panic - not syncing: panic_on_warn set ... [ 65.180810][ T7437] CPU: 1 PID: 7437 Comm: syz-executor.3 Not tainted 5.3.0+ #0 [ 65.180818][ T7437] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 65.180822][ T7437] Call Trace: [ 65.180857][ T7437] dump_stack+0xf5/0x159 [ 65.237078][ T7437] panic+0x209/0x639 [ 65.240984][ T7437] ? vprintk_func+0x8d/0x140 [ 65.246097][ T7437] kcsan_report.cold+0x57/0xeb [ 65.250868][ T7437] __kcsan_setup_watchpoint+0x342/0x500 [ 65.256425][ T7437] __tsan_write4+0x32/0x40 [ 65.260846][ T7437] pipe_write+0x268/0x970 [ 65.265185][ T7437] new_sync_write+0x388/0x4a0 [ 65.269872][ T7437] __vfs_write+0xb1/0xc0 [ 65.274118][ T7437] vfs_write+0x18a/0x390 [ 65.278369][ T7437] ksys_write+0xd5/0x1b0 [ 65.282619][ T7437] __x64_sys_write+0x4c/0x60 [ 65.287211][ T7437] do_syscall_64+0xcf/0x2f0 [ 65.291725][ T7437] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 65.297617][ T7437] RIP: 0033:0x459a59 [ 65.301505][ T7437] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 65.321105][ T7437] RSP: 002b:00007f9e585b3c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 65.329522][ T7437] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 65.337496][ T7437] RDX: 0000000041395527 RSI: 0000000020000340 RDI: 0000000000000009 [ 65.345469][ T7437] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 65.353450][ T7437] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9e585b46d4 [ 65.361526][ T7437] R13: 00000000004c6227 R14: 00000000004e0cc8 R15: 00000000ffffffff [ 65.371190][ T7437] Kernel Offset: disabled [ 65.375521][ T7437] Rebooting in 86400 seconds..